Ottawa’s 2016 memo on cyberthreats points finger at Russia, China

Russia and China have put the safety and security of Canadians at risk by directing hackers to try to wrest control of crucial computer systems, according to a federal government memo acquired by The Globe and Mail.

Ottawa takes the rare step of calling out two countries by name in a 2016 Public Safety Canada document that accuses Moscow and Beijing of trying to compromise this country’s “critical infrastructure.”

This is the government’s term for any corporately held assets within Canada that are considered essential to citizens’ daily lives. The government is now trying to better protect critical infrastructure from cyberattacks through new legislation and funding.

“Other nation states are exploiting cyberspace for their own economic benefit or strategic advantage,” the memo reads. “… Cyber attack for strategic reasons is more subtle and is focused on gaining access and control of key assets. For example, Russia and China have compromised vital cyber systems in Canadian critical infrastructure, placing the safety and security of Canadians at risk.”

The two-year-old memo does not divulge details or explain the scale of such incursions. But news of it comes as intelligence officials sound alarms about the growing global threat of Russian-directed hackers.

For example, this past spring, government agencies in Canada, the United States and Britain broke with past protocols to publicly accuse Russia of developing malware that seeks to take control of critical infrastructure around the world. Some such reports specifically warn of breaches of energy and nuclear facilities in the United States and Europe.

Another facet of the need to protect Canada’s critical infrastructure surfaced last week when a former Canadian intelligence official called upon the federal Liberal government to deny a $1.5-billion bid by China to take over this country’s third-largest construction company – by arguing this takeover would be akin to Beijing being embedded within some of the continent’s most crucial systems.

“It is hard not to conclude that a range of [construction of] infrastructure projects from dams to power plants, transmission grids to communications infrastructure would raise … national-security concerns as well as some possibility of an adverse American reaction,” Ward Elcock, formerly head of a Canadian spy agency, told a conference last week.

The 2016 Public Safety Canada briefing note, which was obtained by The Globe and Mail as part of a 640-page disclosure under the Access to Information Act, reiterates now-standard warnings about foreign-controlled hackers wanting to steal government and corporate secrets.

But it then goes a significant step further, by alleging some such actors are going beyond cyberespionage to try to take control of entire systems.

No more information about these alleged attacks is given. While the Chinese embassy in Ottawa did not immediately respond to questions sent by The Globe, the Russian embassy replied in an e-mail that many “groundless accusations” are being spread by the United States and its allies to promote a “Russophobic narrative.”

Security experts say it is surprising that the 2016 Public Safety Canada note so bluntly accuses Russia and China. “There is nothing that has ever come out publicly,” said Ray Boisvert, a former federal intelligence official who is now a security adviser to the province of Ontario.

There is no consensus on precisely what is considered critical infrastructure in Canada, but Public Safety Canada estimates that 90 per cent of it is controlled by private corporations. The sector is generally understood to include energy and water utilities, as well as the computer systems of financial, manufacturing, or communications companies.

Such entities, however, are not necessarily required to report breaches of their systems, and even when the government is told about them it is not always in a position to disclose what it knows. “Sensitive information submitted by third parties is protected … the department does not comment on whether reports have been received on specific incidents,” said Dan Brien, a spokesman for Public Safety Minister Ralph Goodale.

That said, the Canadian government has called out hackers working for Russia and China in the recent past. Four years ago, in a unique act of openly attributing a specific cyberespionage event to a foreign power, federal officials publicly accused China of breaching Ottawa’s science-funding arm, the National Research Council.

This past February, a serving Canadian intelligence chief of the Communications Security Establishment (CSE), an agency that seeks to protect the federal government’s information systems from cyberattacks, issued a statement accusing “actors in Russia” of developing malware to launch attacks against critical infrastructure around the world.

The U.S. government’s Computer Emergency Readiness Team reported in March that “Russian government cyber actors – hereafter referred to as ‘threat actors’ – targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”

Known as US-CERT, this body added that the Russian-controlled hackers “accessed workstations and servers on a corporate network that contained data output from control systems within energy-generation facilities.”

Under Bill C-59, which is now before Parliament, CSE would be given a much broader mandate to protect all key computer systems in Canada, including those in the private sector deemed to be “of importance to the Government of Canada.”

The 2016 Public Safety Canada memo was sent as a note to Monik Beauregard, an assistant deputy minister in charge of cybersecurity matters as she was being briefed ahead of her appearances that year before parliamentary committees.

Despite the red-flagging of China in this note, the record shows that Ms. Beauregard sidestepped a question about its activities. When a senator specifically asked her during a public hearing whether Canada was “vulnerable to cyberespionage by China,” Ms. Beauregard redirected by saying “it’s not that we’re totally agnostic as to what the origin is, but what we’re trying to understand is the actual hack itself.”

Ms. Beauregard did give senators a high-level overview about the broad sectors that have been designated as critical infrastructure in Canada. “Finance; food; transportation; government; information and communication technology; health; water; safety; and manufacturing,” she said at the time.
